package com.etone.smartAudit.config;

import com.etone.smartAudit.apiIntercept.ApiIntercept;
import com.etone.smartAudit.filter.TokenFilter;
import com.etone.smartAudit.security.ClearTextPasswordEncoder;
import com.etone.smartAudit.security.jwt.JWTFilter;
import com.etone.smartAudit.security.jwt.TokenProvider;
import com.etone.smartAudit.service.AuthService;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import java.util.ArrayList;
import java.util.List;

/**
 * @author: 蒋学伟
 * @date: 2018/10/12
 * @description:
 */

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@AllArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private AuthService authService;

    private TokenProvider tokenProvider;

    private TokenFilter tokenFilter;

    private ApiIntercept apiIntercept;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //auth.userDetailsService(authService).passwordEncoder(new MessageDigestPasswordEncoder("SHA-1"));
        auth.userDetailsService(authService).passwordEncoder(new ClearTextPasswordEncoder());
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .headers()
                .frameOptions()
                .disable()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/**/*.png", "/**/*.jpg", "/**/*.gif", "/**/*.ttf", "/**/*.css", "/**/*.js").permitAll()
                .antMatchers("/swagger-ui/index.html", "/v3/api-docs", "/swagger-resources/**").permitAll()
                .antMatchers("/auth/login", "/auth/login/gmcc/portal","/auth/login/gmcc/ezt", "/auth/verify.png", "/certificateFile/noAuth/**", "/certificateFile/noAuth/handPerson", "/certificatePersonInfo/**", "/projectFile/download/*", "/onlyoffice/callback*").permitAll()
                .antMatchers("/egcc/verifyMobile", "/egcc/ownerPage", "/use/cpu", "/egcc/app/subscribe", "/egcc/app/unsubscribe").permitAll()
                //放行api中的接口
                .antMatchers(apiIntercept.interceptPaths().toArray(new String[apiIntercept.interceptPaths().size()])).permitAll()
                .antMatchers("/upload/local/**/**").permitAll()
                .antMatchers("/upload/files/static/**").permitAll()
                //这里一定要放到最后
                .antMatchers("/**").access("@customSecurity.check(authentication,request)")
                //.antMatchers("/**").access("@customSecurity.checkRedisToken(authentication,request)")
                .anyRequest().authenticated()
        ;
        JWTFilter customFilter = new JWTFilter(tokenProvider);
        http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
        http.addFilterAfter(tokenFilter, JWTFilter.class);
    }
}
